1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Crypto API support for SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256 4 * 5 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com> 6 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk> 7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 8 * SHA224 Support Copyright 2007 Intel Corporation <jonathan.lynch@intel.com> 9 * Copyright 2025 Google LLC 10 */ 11 #include <crypto/internal/hash.h> 12 #include <crypto/sha2.h> 13 #include <linux/kernel.h> 14 #include <linux/module.h> 15 16 /* 17 * Export and import functions. crypto_shash wants a particular format that 18 * matches that used by some legacy drivers. It currently is the same as the 19 * library SHA context, except the value in bytecount must be block-aligned and 20 * the remainder must be stored in an extra u8 appended to the struct. 21 */ 22 23 #define SHA256_SHASH_STATE_SIZE 105 24 static_assert(offsetof(struct __sha256_ctx, state) == 0); 25 static_assert(offsetof(struct __sha256_ctx, bytecount) == 32); 26 static_assert(offsetof(struct __sha256_ctx, buf) == 40); 27 static_assert(sizeof(struct __sha256_ctx) + 1 == SHA256_SHASH_STATE_SIZE); 28 29 static int __crypto_sha256_export(const struct __sha256_ctx *ctx0, void *out) 30 { 31 struct __sha256_ctx ctx = *ctx0; 32 unsigned int partial; 33 u8 *p = out; 34 35 partial = ctx.bytecount % SHA256_BLOCK_SIZE; 36 ctx.bytecount -= partial; 37 memcpy(p, &ctx, sizeof(ctx)); 38 p += sizeof(ctx); 39 *p = partial; 40 return 0; 41 } 42 43 static int __crypto_sha256_import(struct __sha256_ctx *ctx, const void *in) 44 { 45 const u8 *p = in; 46 47 memcpy(ctx, p, sizeof(*ctx)); 48 p += sizeof(*ctx); 49 ctx->bytecount += *p; 50 return 0; 51 } 52 53 static int __crypto_sha256_export_core(const struct __sha256_ctx *ctx, 54 void *out) 55 { 56 memcpy(out, ctx, offsetof(struct __sha256_ctx, buf)); 57 return 0; 58 } 59 60 static int __crypto_sha256_import_core(struct __sha256_ctx *ctx, const void *in) 61 { 62 memcpy(ctx, in, offsetof(struct __sha256_ctx, buf)); 63 return 0; 64 } 65 66 /* SHA-224 */ 67 68 const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = { 69 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47, 70 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 71 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4, 72 0x2f 73 }; 74 EXPORT_SYMBOL_GPL(sha224_zero_message_hash); 75 76 #define SHA224_CTX(desc) ((struct sha224_ctx *)shash_desc_ctx(desc)) 77 78 static int crypto_sha224_init(struct shash_desc *desc) 79 { 80 sha224_init(SHA224_CTX(desc)); 81 return 0; 82 } 83 84 static int crypto_sha224_update(struct shash_desc *desc, 85 const u8 *data, unsigned int len) 86 { 87 sha224_update(SHA224_CTX(desc), data, len); 88 return 0; 89 } 90 91 static int crypto_sha224_final(struct shash_desc *desc, u8 *out) 92 { 93 sha224_final(SHA224_CTX(desc), out); 94 return 0; 95 } 96 97 static int crypto_sha224_digest(struct shash_desc *desc, 98 const u8 *data, unsigned int len, u8 *out) 99 { 100 sha224(data, len, out); 101 return 0; 102 } 103 104 static int crypto_sha224_export(struct shash_desc *desc, void *out) 105 { 106 return __crypto_sha256_export(&SHA224_CTX(desc)->ctx, out); 107 } 108 109 static int crypto_sha224_import(struct shash_desc *desc, const void *in) 110 { 111 return __crypto_sha256_import(&SHA224_CTX(desc)->ctx, in); 112 } 113 114 static int crypto_sha224_export_core(struct shash_desc *desc, void *out) 115 { 116 return __crypto_sha256_export_core(&SHA224_CTX(desc)->ctx, out); 117 } 118 119 static int crypto_sha224_import_core(struct shash_desc *desc, const void *in) 120 { 121 return __crypto_sha256_import_core(&SHA224_CTX(desc)->ctx, in); 122 } 123 124 /* SHA-256 */ 125 126 const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = { 127 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 128 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 129 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 130 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 131 }; 132 EXPORT_SYMBOL_GPL(sha256_zero_message_hash); 133 134 #define SHA256_CTX(desc) ((struct sha256_ctx *)shash_desc_ctx(desc)) 135 136 static int crypto_sha256_init(struct shash_desc *desc) 137 { 138 sha256_init(SHA256_CTX(desc)); 139 return 0; 140 } 141 142 static int crypto_sha256_update(struct shash_desc *desc, 143 const u8 *data, unsigned int len) 144 { 145 sha256_update(SHA256_CTX(desc), data, len); 146 return 0; 147 } 148 149 static int crypto_sha256_final(struct shash_desc *desc, u8 *out) 150 { 151 sha256_final(SHA256_CTX(desc), out); 152 return 0; 153 } 154 155 static int crypto_sha256_digest(struct shash_desc *desc, 156 const u8 *data, unsigned int len, u8 *out) 157 { 158 sha256(data, len, out); 159 return 0; 160 } 161 162 static int crypto_sha256_export(struct shash_desc *desc, void *out) 163 { 164 return __crypto_sha256_export(&SHA256_CTX(desc)->ctx, out); 165 } 166 167 static int crypto_sha256_import(struct shash_desc *desc, const void *in) 168 { 169 return __crypto_sha256_import(&SHA256_CTX(desc)->ctx, in); 170 } 171 172 static int crypto_sha256_export_core(struct shash_desc *desc, void *out) 173 { 174 return __crypto_sha256_export_core(&SHA256_CTX(desc)->ctx, out); 175 } 176 177 static int crypto_sha256_import_core(struct shash_desc *desc, const void *in) 178 { 179 return __crypto_sha256_import_core(&SHA256_CTX(desc)->ctx, in); 180 } 181 182 /* HMAC-SHA224 */ 183 184 #define HMAC_SHA224_KEY(tfm) ((struct hmac_sha224_key *)crypto_shash_ctx(tfm)) 185 #define HMAC_SHA224_CTX(desc) ((struct hmac_sha224_ctx *)shash_desc_ctx(desc)) 186 187 static int crypto_hmac_sha224_setkey(struct crypto_shash *tfm, 188 const u8 *raw_key, unsigned int keylen) 189 { 190 hmac_sha224_preparekey(HMAC_SHA224_KEY(tfm), raw_key, keylen); 191 return 0; 192 } 193 194 static int crypto_hmac_sha224_init(struct shash_desc *desc) 195 { 196 hmac_sha224_init(HMAC_SHA224_CTX(desc), HMAC_SHA224_KEY(desc->tfm)); 197 return 0; 198 } 199 200 static int crypto_hmac_sha224_update(struct shash_desc *desc, 201 const u8 *data, unsigned int len) 202 { 203 hmac_sha224_update(HMAC_SHA224_CTX(desc), data, len); 204 return 0; 205 } 206 207 static int crypto_hmac_sha224_final(struct shash_desc *desc, u8 *out) 208 { 209 hmac_sha224_final(HMAC_SHA224_CTX(desc), out); 210 return 0; 211 } 212 213 static int crypto_hmac_sha224_digest(struct shash_desc *desc, 214 const u8 *data, unsigned int len, 215 u8 *out) 216 { 217 hmac_sha224(HMAC_SHA224_KEY(desc->tfm), data, len, out); 218 return 0; 219 } 220 221 static int crypto_hmac_sha224_export(struct shash_desc *desc, void *out) 222 { 223 return __crypto_sha256_export(&HMAC_SHA224_CTX(desc)->ctx.sha_ctx, out); 224 } 225 226 static int crypto_hmac_sha224_import(struct shash_desc *desc, const void *in) 227 { 228 struct hmac_sha224_ctx *ctx = HMAC_SHA224_CTX(desc); 229 230 ctx->ctx.ostate = HMAC_SHA224_KEY(desc->tfm)->key.ostate; 231 return __crypto_sha256_import(&ctx->ctx.sha_ctx, in); 232 } 233 234 static int crypto_hmac_sha224_export_core(struct shash_desc *desc, void *out) 235 { 236 return __crypto_sha256_export_core(&HMAC_SHA224_CTX(desc)->ctx.sha_ctx, 237 out); 238 } 239 240 static int crypto_hmac_sha224_import_core(struct shash_desc *desc, 241 const void *in) 242 { 243 struct hmac_sha224_ctx *ctx = HMAC_SHA224_CTX(desc); 244 245 ctx->ctx.ostate = HMAC_SHA224_KEY(desc->tfm)->key.ostate; 246 return __crypto_sha256_import_core(&ctx->ctx.sha_ctx, in); 247 } 248 249 /* HMAC-SHA256 */ 250 251 #define HMAC_SHA256_KEY(tfm) ((struct hmac_sha256_key *)crypto_shash_ctx(tfm)) 252 #define HMAC_SHA256_CTX(desc) ((struct hmac_sha256_ctx *)shash_desc_ctx(desc)) 253 254 static int crypto_hmac_sha256_setkey(struct crypto_shash *tfm, 255 const u8 *raw_key, unsigned int keylen) 256 { 257 hmac_sha256_preparekey(HMAC_SHA256_KEY(tfm), raw_key, keylen); 258 return 0; 259 } 260 261 static int crypto_hmac_sha256_init(struct shash_desc *desc) 262 { 263 hmac_sha256_init(HMAC_SHA256_CTX(desc), HMAC_SHA256_KEY(desc->tfm)); 264 return 0; 265 } 266 267 static int crypto_hmac_sha256_update(struct shash_desc *desc, 268 const u8 *data, unsigned int len) 269 { 270 hmac_sha256_update(HMAC_SHA256_CTX(desc), data, len); 271 return 0; 272 } 273 274 static int crypto_hmac_sha256_final(struct shash_desc *desc, u8 *out) 275 { 276 hmac_sha256_final(HMAC_SHA256_CTX(desc), out); 277 return 0; 278 } 279 280 static int crypto_hmac_sha256_digest(struct shash_desc *desc, 281 const u8 *data, unsigned int len, 282 u8 *out) 283 { 284 hmac_sha256(HMAC_SHA256_KEY(desc->tfm), data, len, out); 285 return 0; 286 } 287 288 static int crypto_hmac_sha256_export(struct shash_desc *desc, void *out) 289 { 290 return __crypto_sha256_export(&HMAC_SHA256_CTX(desc)->ctx.sha_ctx, out); 291 } 292 293 static int crypto_hmac_sha256_import(struct shash_desc *desc, const void *in) 294 { 295 struct hmac_sha256_ctx *ctx = HMAC_SHA256_CTX(desc); 296 297 ctx->ctx.ostate = HMAC_SHA256_KEY(desc->tfm)->key.ostate; 298 return __crypto_sha256_import(&ctx->ctx.sha_ctx, in); 299 } 300 301 static int crypto_hmac_sha256_export_core(struct shash_desc *desc, void *out) 302 { 303 return __crypto_sha256_export_core(&HMAC_SHA256_CTX(desc)->ctx.sha_ctx, 304 out); 305 } 306 307 static int crypto_hmac_sha256_import_core(struct shash_desc *desc, 308 const void *in) 309 { 310 struct hmac_sha256_ctx *ctx = HMAC_SHA256_CTX(desc); 311 312 ctx->ctx.ostate = HMAC_SHA256_KEY(desc->tfm)->key.ostate; 313 return __crypto_sha256_import_core(&ctx->ctx.sha_ctx, in); 314 } 315 316 /* Algorithm definitions */ 317 318 static struct shash_alg algs[] = { 319 { 320 .base.cra_name = "sha224", 321 .base.cra_driver_name = "sha224-lib", 322 .base.cra_priority = 300, 323 .base.cra_blocksize = SHA224_BLOCK_SIZE, 324 .base.cra_module = THIS_MODULE, 325 .digestsize = SHA224_DIGEST_SIZE, 326 .init = crypto_sha224_init, 327 .update = crypto_sha224_update, 328 .final = crypto_sha224_final, 329 .digest = crypto_sha224_digest, 330 .export = crypto_sha224_export, 331 .import = crypto_sha224_import, 332 .export_core = crypto_sha224_export_core, 333 .import_core = crypto_sha224_import_core, 334 .descsize = sizeof(struct sha224_ctx), 335 .statesize = SHA256_SHASH_STATE_SIZE, 336 }, 337 { 338 .base.cra_name = "sha256", 339 .base.cra_driver_name = "sha256-lib", 340 .base.cra_priority = 300, 341 .base.cra_blocksize = SHA256_BLOCK_SIZE, 342 .base.cra_module = THIS_MODULE, 343 .digestsize = SHA256_DIGEST_SIZE, 344 .init = crypto_sha256_init, 345 .update = crypto_sha256_update, 346 .final = crypto_sha256_final, 347 .digest = crypto_sha256_digest, 348 .export = crypto_sha256_export, 349 .import = crypto_sha256_import, 350 .export_core = crypto_sha256_export_core, 351 .import_core = crypto_sha256_import_core, 352 .descsize = sizeof(struct sha256_ctx), 353 .statesize = SHA256_SHASH_STATE_SIZE, 354 }, 355 { 356 .base.cra_name = "hmac(sha224)", 357 .base.cra_driver_name = "hmac-sha224-lib", 358 .base.cra_priority = 300, 359 .base.cra_blocksize = SHA224_BLOCK_SIZE, 360 .base.cra_ctxsize = sizeof(struct hmac_sha224_key), 361 .base.cra_module = THIS_MODULE, 362 .digestsize = SHA224_DIGEST_SIZE, 363 .setkey = crypto_hmac_sha224_setkey, 364 .init = crypto_hmac_sha224_init, 365 .update = crypto_hmac_sha224_update, 366 .final = crypto_hmac_sha224_final, 367 .digest = crypto_hmac_sha224_digest, 368 .export = crypto_hmac_sha224_export, 369 .import = crypto_hmac_sha224_import, 370 .export_core = crypto_hmac_sha224_export_core, 371 .import_core = crypto_hmac_sha224_import_core, 372 .descsize = sizeof(struct hmac_sha224_ctx), 373 .statesize = SHA256_SHASH_STATE_SIZE, 374 }, 375 { 376 .base.cra_name = "hmac(sha256)", 377 .base.cra_driver_name = "hmac-sha256-lib", 378 .base.cra_priority = 300, 379 .base.cra_blocksize = SHA256_BLOCK_SIZE, 380 .base.cra_ctxsize = sizeof(struct hmac_sha256_key), 381 .base.cra_module = THIS_MODULE, 382 .digestsize = SHA256_DIGEST_SIZE, 383 .setkey = crypto_hmac_sha256_setkey, 384 .init = crypto_hmac_sha256_init, 385 .update = crypto_hmac_sha256_update, 386 .final = crypto_hmac_sha256_final, 387 .digest = crypto_hmac_sha256_digest, 388 .export = crypto_hmac_sha256_export, 389 .import = crypto_hmac_sha256_import, 390 .export_core = crypto_hmac_sha256_export_core, 391 .import_core = crypto_hmac_sha256_import_core, 392 .descsize = sizeof(struct hmac_sha256_ctx), 393 .statesize = SHA256_SHASH_STATE_SIZE, 394 }, 395 }; 396 397 static int __init crypto_sha256_mod_init(void) 398 { 399 return crypto_register_shashes(algs, ARRAY_SIZE(algs)); 400 } 401 module_init(crypto_sha256_mod_init); 402 403 static void __exit crypto_sha256_mod_exit(void) 404 { 405 crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); 406 } 407 module_exit(crypto_sha256_mod_exit); 408 409 MODULE_LICENSE("GPL"); 410 MODULE_DESCRIPTION("Crypto API support for SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256"); 411 412 MODULE_ALIAS_CRYPTO("sha224"); 413 MODULE_ALIAS_CRYPTO("sha224-lib"); 414 MODULE_ALIAS_CRYPTO("sha256"); 415 MODULE_ALIAS_CRYPTO("sha256-lib"); 416 MODULE_ALIAS_CRYPTO("hmac(sha224)"); 417 MODULE_ALIAS_CRYPTO("hmac-sha224-lib"); 418 MODULE_ALIAS_CRYPTO("hmac(sha256)"); 419 MODULE_ALIAS_CRYPTO("hmac-sha256-lib"); 420